PhishTool automatically retrieves all of the relevant metadata from a phishing email, providing you with the most comprehensive technical view of a phishing email possible. This combined with our OSINT and heuristic detection, makes PhishTool one seriously powerful tool.

OSINT automation for hackers.
A recursive internet scanner for hackers.

BEE·bot is a multipurpose scanner inspired by Spiderfoot, built to automate your Recon, Bug Bounties, and ASM!

• BBOT @ GitHub.

The Ultimate Information Gathering Toolkit. A Python-based toolkit for Information Gathering and Reconnaissance.

Argus is an all-in-one, Python-powered toolkit designed to streamline the process of information gathering and reconnaissance. With a user-friendly interface and a suite of powerful modules, Argus empowers you to explore networks, web applications, and security configurations efficiently and effectively.

Slack enumeration and exposed secrets detection tool. Monitoring and enumerating Slack for exposed secrets

LOLESXi features a comprehensive list of binaries/scripts natively available in VMware ESXi that adversaries have utilised in their operations. The information on this site is compiled from open-source threat research.

• LOLESXi @ GitHub.

Gitxray (short for Git X-Ray) is a multifaceted security tool designed for use on GitHub repositories. It can serve many purposes, including OSINT and Forensics. gitxray leverages public GitHub REST APIs to gather information that would otherwise be very time-consuming to obtain manually. Additionally, it seeks out information in unconventional places.

• Gixray @ GitHub.
• gitxray: leverages Public GitHub REST APIs for OSINT, Forensics, Pentesting and more @ meterpreter.org.

Go CLI and Library for quickly mapping organization network ranges using ASN information.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of methods for data analysis, making that data easy to navigate.

SpiderFoot has an embedded web-server for providing a clean and intuitive web-based interface but can also be used completely via the command-line. It's written in Python 3 and MIT-licensed.

Tracking ransomware's victims since April 2022

A ransomware is a type of malware used by cybercriminals to encrypt the victim's files and make them inaccessible unless they pay the ransom. Today cybercriminals are more sophisticated, and they not only encrypt the victim's files also they leaking their data to the Darknet unless they will pay the ransom.

Ransomware.live is originally a fork of ransomwatch and inspired by ransomlook. Ransomware.live is a ransomware leak site monitoring tool. It will scrape all of the entries on various ransomware leak sites and published them.

• Ransomware.live @ GitHub.
• 🚨Voici un outil et ressource de surveillance de dataleaks à la suite de ransomware. @ Laurent M.'s LinkedIn :fr:.

Domain Public Data Collection Service.

DPULSE is a software solution for conducting OSINT research in relation to a certain domain.

• DPULSE @ GitHub.
• 🕵️‍♂️ DPULSE : Outil d'OSINT pour l'analyse de domaines 🌐 @ Maory Schroder's LinkedIn :fr:.

Find and verify secrets. Find leaked credentials.

TruffleHog is the most powerful secrets Discovery, Classification, Validation, and Analysis tool. In this context secret refers to a credential a machine uses to authenticate itself to another machine. This includes API keys, database passwords, private encryption keys, and more...

Collection of Cyber Threat Intelligence sources from the Deep and Dark Web

The aim of this project is to collect the sources, present in the Deep and Dark web, which can be useful in Cyber Threat Intelligence contexts.

Cyber Theat live dashboard

The World’s First Truly Open Threat Intelligence Community

The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.

The OWASP Amass Project has developed a framework to help information security professionals perform network mapping of attack surfaces and external asset discovery using open source intelligence gathering and reconnaissance techniques.

OWASP Amass.

Machinae is a tool for collecting intelligence from public sites/feeds about various security-related pieces of data: IP addresses, domain names, URLs, email addresses, file hashes and SSL fingerprints. It was inspired by Automater, another excellent tool for collecting information. The Machinae project was born from wishing to improve Automater in 4 areas:

Extract and aggregate threat intelligence. An extendable tool to extract and aggregate IOCs from threat feeds.

ThreatIngestor can be configured to watch Twitter, RSS feeds, or other sources, extract meaningful information such as malicious IPs/domains and YARA signatures, and send that information to another system for analysis.

Microsoft Threat Intelligence Python Security Tools. msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks.

A free, community-sourced, machine-readable knowledge base of digital forensic artifacts that the world can use both as an information source and within other tools.

If you'd like to use the artifacts in your own tools, all you need to be able to do is read YAML. That is it, no other dependencies. The Python code in this project is just used to validate all the artifacts to make sure they follow the specification.

A distributed vulnerability database for Open Source.
An open, precise, and distributed approach to producing and consuming vulnerability information for open source.